Basically there are 3 ways of changing the authorization process.
First of all, you can define authorization on the IIS level and add the following configuration to your web.config (which is described in more detail here):
<allow roles="DOMAIN\role " />
However, here you define authorization for the whole site (both admin UI and live site).
Then you can modify our authentication handler (SecurityEvents.Authenticate.Execute) to cherry-pick only desired users. The code will look something like this
The third option is to completely override our membership providers by changing system.web.membership and system.web.roleManager configurations in your web.config and replace them with your implementations where you validate user relationships.
For me the most correct option would be the second one.
Hope this helps.
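A sketch of the second option, added here as an illustration and not taken from the original answer or the product's own code. It assumes a Kentico 8+ style API (a `Module` registered with `RegisterModule`, `AuthenticationEventArgs.User`, `UserInfo.IsInRole`) and that clearing `e.User` makes the sign-in fail; the module name and the role name `AllowedToSignIn` are hypothetical placeholders.

```csharp
using CMS;
using CMS.DataEngine;
using CMS.Membership;
using CMS.SiteProvider;

// Registers the custom module so that OnInit runs at application start.
[assembly: RegisterModule(typeof(RestrictedLoginModule))]

public class RestrictedLoginModule : Module
{
    // Hypothetical role code name: only members of this role may sign in.
    private const string AllowedRole = "AllowedToSignIn";

    public RestrictedLoginModule() : base("RestrictedLogin")
    {
    }

    protected override void OnInit()
    {
        base.OnInit();

        // Runs on every sign-in attempt, after the standard credential check.
        SecurityEvents.Authenticate.Execute += RestrictToAllowedRole;
    }

    private static void RestrictToAllowedRole(object sender, AuthenticationEventArgs e)
    {
        // A null user means the credential check has already failed.
        // Return without touching it, so this handler can never grant access.
        UserInfo user = e.User;
        if (user == null)
        {
            return;
        }

        // Allow-list check: membership in the permitted role on the current site.
        // Any user who is not explicitly allowed is rejected (fail closed).
        bool allowed = user.IsInRole(AllowedRole, SiteContext.CurrentSiteName);
        if (!allowed)
        {
            // Assumption: clearing the user rejects the sign-in for both
            // the admin UI and the live site.
            e.User = null;
        }
    }
}
```

Because the handler only ever removes an already authenticated user, a mistake in the role check can lock users out but cannot let an unauthenticated user in.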